Data StorageDataBaseGovernement-ITRegulationStorage

IBM Security Offers GDPR Help Ahead Of Looming Deadline

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

With only a year to go before the arrival of GDPR, Big Blue offers ways to help organisations to deal with the strict regulations

Today is exactly one year until the strict Global Data Protection Regulations (GDPR) will come into effect across Europe.

As the countdown nears and organisations scramble to become compliant, IBM Security has launched a GDPR service to help firms address the issue.

GDPR replaces the previous Data Protection Directive and has been designed to remove fragmentation around data privacy laws across Europe, as well as give citizens new powers to control their personal information. Silicon UK has provided an overview here of the impending regulations.

Data protection © pedrosek, Shutterstock 2012

Looming Deadline

GDPR was approved by the EU Parliament on 14th April 2016 after four years of discussion and will come into effect on 25th May 2018 for all businesses operating within the European Union.

And the bad news is that research from Blancco Technology Group has revealed that the UK is significantly less prepared than its European counterparts. That research also found that Brexit may be contributing to low UK levels of knowledge.

To this end, new incident response capabilities have been added to IBM Resilient security portfolio, to help companies address the GDPR.

“These capabilities are designed to help clients rehearse, prepare for and manage the new regulations,” said Big Blue. “GDPR is one of the biggest changes in data privacy law in decades which goes into effect on 25 May 2018.”

It point out that GDPR may require significant changes to the way organisations respond to consumer data breaches. Businesses operating in Europe for example will have 72 hours to notify the supervising authority and data subject of a breach, or risk being fined 20 million euros (£17.3m) or up to four percent of their global annual turnover.

And with a recent Ponemon Institute study finding that 75 percent of organisations lack a consistent cyber security incident response plan (CSIRP), it means that some firms could struggle to deliver a GDPR response if an incident does occur.

IBM Security therefore has added new GDPR capabilities to its Resilient Incident Response platform (IRP) a year ahead of the 2018 deadline.

Among the capabilities IBM Security is offering, is a Resilient GDPR Preparatory Guide (interactive tool detailing step-by-step how firms can prepare for GDPR); Resilient GDPR Simulation (to help organisations rehearse the actions they may need to take if they experience a breach under GDPR); and Resilient GDPR-Enhanced Privacy Module (GDPR regulations added to IBM’s global privacy module, designed to reduce the time and complexity of responding to a data breach under the new regulation).

“GDPR is ushering in some of the most important changes to European data privacy regulations in twenty years, much of it involving policies and documentation that are difficult to improve with technology,” said IBM Resilient CEO John Bruce. “The Resilient Incident Response Platform is designed to help businesses comply with GDPR. It prescribes and can orchestrate people, process and technology in specific responses to data breaches.”

Work To Do

It is worth remembering that Brexit will not deliver a get out of jail free card, as the UK government has unequivocally stated that the new rules will come into effect before Britain leaves the EU.

In March the Information Commissioner’s Office (ICO) found “concerning” shortcomings in local councils’ work on data protection ahead of the implementation of the GDPR rules next year.

The GDPR has been in the planning since January 2012, and it aims to give citizens back control over their data in the digital age, including the right to be forgotten. It also imposes tough financial penalties on businesses for not protecting data.

The GDPR replaces the Data Protection Directive that was introduced in 1995, and the new law takes into account the arrival of the Internet, smartphones, and social networking.

Quiz: How much do you know about the European Commission?